UPnP Problems for Managed/Hosted Video

By: John Honovich, Published on Aug 09, 2010

UPnP's indeterminate support presents significant problems. Managed/hosted video providers using UPnP risk widespread customer unhappiness. Two key issues predominate:

  1. Significant users lack UPnP support for a provider's UPnP implementation.
  2. Users cannot clearly, quickly and certainly determine their network's UPnP support.

We believe reason #2 (indeterminacy) is the most critical problem. Users can accomodate even technology supporting limited populations if conditions can be clearly identified (e.g., products supporting only Linux or Macs). However, knowing a network's UPnP compatability with a given product is neither simple nor straightforward for even technical users.

Our UPnP LinkedIn discussion [link no longer available] and email conversations offer interesting perspectives on this issue:

  • "I'm in various routers most every day setting up port forwarding and most all of them I see have settings to allow enabling UPnP. However, I never even try it anymore. Not for any security reasons, but because (at least when I WAS trying it out more than 3 years ago) it rarely succeeded in enabling port forwarding."
  • "Our experience is that straight UPnP works slightly under 50% of the time"
  • When UPnP is deployed in an unprotected network or in a network with a large number of devices, it could give migraine to SysAdmins."
  • The problem with UPnP is that its not universal, and it's not always plug and play."
  • [Our UPnP experience] has been pretty bad. They both depend on "external" things behaving rationally and per specification"

Most hosted/managed video providers use an application layer VPN (or simply require manual port forwarding). In our current reviews, UPnP dependency was required only by Archerfish Solo.

2 reports cite this report:

10 Manufacturer Cyber Security Compared on Dec 13, 2016
With the rise in exploits and growing awareness of cyber security issues in video surveillance, we tested ten different manufacturer's cameras....
Problems Remain with Cernium's Archerfish Cameras on Apr 14, 2011
In August 2010, we conducted an in-depth test of Cernium's Archerfish Smart Camera. In the test results, we called out problems of analytic...
Comments : Members only. Login. or Join.

Related Reports

Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Remote Access (DDNS vs P2P vs VPN) Usage Statistics 2019 on Oct 25, 2019
Remote access can make systems more usable but also more vulnerable. How are integrators delivring remote access in 2019? How many are using...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
'CCTV' Is the Past, Cloud Video Surveillance Is the Future on Jul 08, 2019
A fundamental shift is happening. For decades, video surveillance was overwhelmingly 'closed' and off the Internet. This is changing. More and more...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
HTTPS / SSL Video Surveillance Usage Statistics on Apr 01, 2019
HTTPS / SSL / TLS usage has become commonplace for websites to improve security and, in particular, to help mitigate attackers reading or modifying...

Most Recent Industry Reports

IPVM's 12th Anniversary - Thank You! on Apr 07, 2020
IPVM is proud to celebrate it's 12 anniversary expanding our commitment to providing the industry independent and objective information on video...
Mobotix Thermal Body Temperature Detection Examined on Apr 07, 2020
Mobotix has jumped into the Coronavirus temperature detection market, but how do they compare to thermal incumbents like FLIR or ICI who have been...
Verkada Coronavirus Response: Free Temp Systems For Government and Health Care on Apr 07, 2020
Verkada has built a reputation on giving away things for free - free Yeti Tumblers, free trial cameras and now free temporary systems for...
Hikvision USA Refuses, Dahua USA Drives Forward With "Coronavirus Cameras" on Apr 07, 2020
Both have been federally banned, both sanctioned for human rights abuses but only one - Dahua - is taking aim at the booming "coronavirus cameras"...
China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities...
USA ICI Elevated Skin Temperature Detectors Examined on Apr 06, 2020
Infrared Cameras, Inc. (ICI) is aiming to help slow the spread of COVID-19 with "pinpoint accurate skin temperature measurement" using their...
Trade Groups Request NDAA Blacklist Delay Citing Coronavirus on Apr 06, 2020
Two trade groups representing government contractors have asked Congress to delay implementation of the NDAA's 'blacklist' clause from this August...
Coronavirus Hits Manufacturers, Standing Now, Worse To Come on Apr 06, 2020
Coronavirus is hitting security manufacturers, though overall modestly for now, with worse expected to come, new IPVM survey results...
FLIR New Coronavirus Prioritized Temperature Screening Camera Examined on Apr 03, 2020
FLIR has announced a new series of thermal cameras "prioritized for entities working to mitigate the spread of COVID-19 virus", the A400/A700...
ADI Branch Burglary on Apr 03, 2020
A security systems distributor branch is an odd target for burglary but that happened this week at ADI's Memphis location. Vehicle Smash &...